California Consumer Protection Act Privacy Groups Urge California Lawmakers Not to Weaken California Consumer Privacy Act • A variety of privacy groups, including the Electronic Frontier Foundation, the Digital Privacy Alliance and the Center for Digital Democracy, sent a letter to California lawmakers asking them not to “push California backward” when it comes to privacy … Continue Reading
Class Actions Plaintiffs Seek Approval for $4.3 Million Settlement With Sonic in Credit Card Data Breach Suit • Following a variety of lawsuits against fast food chain Sonic Drive-In related to a 2017 credit card data breach, plaintiffs are seeking consolidation of those suits, class certification and a $4.3 million settlement. • The settlement would … Continue Reading
Every year, especially around the holidays, more and more products that connect to the internet hit the market. For adults, connected home devices that act like personal domestic assistants have become increasingly popular. Children have been adding connected toys, some of which have the intelligence and programming to become a child’s best friend, to their … Continue Reading
Technology advances often help consumers do things quicker or easier. For regulators and law enforcers, such advances often present challenges in keeping laws and regulations up to date. The latest example is amendments announced by the Federal Trade Commission (“FTC”) on December 19, 2012, to update its Children’s Online Privacy Protection Act (“COPPA”) Rule, which … Continue Reading
In a briefing convened by the Congressional Bi-Partisan Privacy Caucus December 13, 2012, co-chairs Ed Markey (D-MA) and Joe Barton (R-TX) tried to advance their agenda of enhancing children’s online privacy in the context of exploring the scope and practices of “data-brokers.” Panelists included credit bureaus, marketing companies, FTC Commissioners, and privacy advocates. Markey kicked … Continue Reading
Monday, on a call with reporters to discuss the findings of its second survey of kids mobile device applications, attorneys with the Federal Trade Commission (1) called on industry – app developers, app stores, and third party recipients of collected data – to improve privacy disclosures; (2) said it is developing consumer education material in … Continue Reading
The Children’s Online Privacy Protection Act (“COPPA”) was passed by Congress at the end of the last century to add protections when an internet site sought to collect “personally identifiable information” (“PII”) from children under 13. The Congress directed the Federal Trade Commission to issue Rules to implement the Act, which it did. Now the … Continue Reading
The end of 2010 featured the Department of Commerce citing the need for a Privacy Bill of Rights in its green paper and the FTC's preliminary online privacy report discussing the need for a Do Not Track mechanism. The momentum generated by these reports led to the introduction of multiple versions of Do Not Track and comprehensive privacy rights bills in early 2011. By mid-2011, at least five different data security and breach notification proposals were circulating in the wake of high profile data breaches. Reports about location based tracking led to the introduction of geolocation privacy and surveillance bills. Proposed amendments to the Children's Online Privacy Protection Act, Electronic Communications Privacy Act, and Video Privacy Protection Act were also made. And by the end of 2011, several cybersecurity bills designed to protect critical infrastructure had been introduced. Even though Congress held hearings on privacy issues, subcommittees approved several bills, and there was support from the Obama administration for comprehensive privacy legislation, as many expected, however, none of these bills were enacted when the first session of the 112th Congress adjourned December 18.
The safe prediction for 2012 is more of the same--a lot of proposals but no consensus. It is certainly possible that another high profile data breach or cyberattack against a utility or government contractor could create enough urgency to force a consensus. However, numerous high profile breaches (Epsilon, Sony, Citi, RSA, Lockheed Martin and several health care providers), hactivist attacks against government security contractors (IRC Federal and HBGary), and reports about how the "weaponized" Stuxnet virus caused centrifuges in an Iranian nuclear facility to spin wildly out of control were not enough in 2011. We certainly expect to see data breach notification, comprehensive privacy, and cybersecurity bills addressed again in 2012. We may also see narrower bills aimed at online and location based tracking as well as Children's privacy. Emerging technology, including mobile payments and facial recognition, may also garner legislative attention.
Below is a round-up of the 2011 privacy and data security legislative proposals, including links to more detailed analysis from our blog posts during the year.… Continue Reading